CN103391520B - A kind ofly tackle the malice method of note, terminal, server and system - Google Patents
A kind ofly tackle the malice method of note, terminal, server and system Download PDFInfo
- Publication number
- CN103391520B CN103391520B CN201210140190.8A CN201210140190A CN103391520B CN 103391520 B CN103391520 B CN 103391520B CN 201210140190 A CN201210140190 A CN 201210140190A CN 103391520 B CN103391520 B CN 103391520B
- Authority
- CN
- China
- Prior art keywords
- note
- link information
- malicious
- malicious link
- storehouse
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention discloses and a kind ofly tackle the malice method of note, terminal, server and system, belong to the communications field.Described method comprises: when receiving note and described note comprises link information, extract the link information that described note comprises; Whether be malice note, described malicious link storehouse comprises malicious link information if detecting described note according to the link information of the malicious link storehouse stored and described extraction; If described note is malice note, then tackle described note.Described system comprises: mobile terminal and server.Described mobile terminal comprises: extraction module, first detection module and blocking module.Described server comprises: receiver module, the second detection module and notification module.The present invention can protect the information security of user.
Description
Technical field
The present invention relates to the communications field, particularly a kind ofly tackle the malice method of note, terminal, server and system.
Background technology
Along with the development of mobile terminal technology and development of Mobile Internet technology, information communication is more ripe in the application of mobile terminal.The development of information technology, while making people enjoy more how different information and software service, is also subject to the threat of fallacious message.
Wherein, maliciously note is one of common fallacious message, malicious link information is usually comprised in malice note, for a malice note, user browses this malice note when not knowing that it is malice note and clicks the malicious link information that this malice note comprises, and mobile terminal is downloaded automatically and installs Malware corresponding to this malicious link information.Wherein, Malware is usually wooden horse or viral supervisor, installs and can constitute a threat to the information security of user in the terminal.
Summary of the invention
In order to protect the information security of user, the invention provides and a kind ofly tackle the malice method of note, terminal, server and system.Described technical scheme is as follows:
Tackle a method for malice note, described method comprises:
When receiving note and described note comprises link information, extract the link information that described note comprises;
Whether be malice note, described malicious link storehouse comprises malicious link information if detecting described note according to the link information of the malicious link storehouse stored and described extraction;
If described note is malice note, then tackle described note.
The described note of described interception, comprising:
Convert the link information that described note comprises to character string, more described note is left in default memory space to realize tackling described note; Or,
Described note is left in default memory space, when user checks described note, convert the link information that described note comprises to character string, then show the content of described note, to realize tackling described note; Or,
Directly abandon described note, to realize tackling described note.
Whether the malicious link storehouse that described basis has stored and the link information of described extraction detect described note is malice note, comprising:
Search the link information that whether there is described extraction in local the first malicious link storehouse stored;
If there is the link information of described extraction in described first malicious link storehouse, then detect that described note is for malice note;
If there is not the link information of described extraction in described first malicious link storehouse, then search the link information that whether there is described extraction in the second malicious link storehouse of server stores, if there is the link information of described extraction in described second malicious link storehouse, then detect that described note is for malice note, if there is not the link information of described extraction in described second malicious link storehouse, then detect that described note is non-malicious note.
Described method also comprises:
If described note is non-malicious note, then whether, when user downloads corresponding software according to the link information in described note, detecting described software according to anti-virus storehouse is bogusware;
If detect that described software is bogusware, then determine that the link information that described note comprises is malicious link information, report described malicious link information to server, and described malicious link information is added in local the first malicious link storehouse stored.
Described method also comprises:
The malicious link information of reception server broadcast, according to the first malicious link storehouse that malicious link information updating this locality of described reception stores.
Tackle a method for malice note, described method comprises:
The link information that mobile terminal receive sends, described link information is the link information in the note after described mobile terminal detects according to its local first malicious link storehouse stored;
Whether be malicious link information, described second malicious link storehouse comprises malicious link information if detecting described link information according to the second malicious link storehouse of this locality storage;
If described link information is malicious link information, then notify described mobile terminal, make described mobile terminal determine that described note is malice note and tackles described note according to described notice.
Described method also comprises:
The malicious link information of mobile terminal receive report, and record each malicious link information by the number of times reported and density;
According to each malicious link information by the number of times reported and density, broadcast described malicious link information to described mobile terminal, make described mobile terminal according to its local first malicious link storehouse stored of the malicious link information updating of described broadcast.
A kind of mobile terminal, described mobile terminal comprises:
Extraction module, for when receiving note and described note comprises link information, extracts the link information that described note comprises;
First detection module, whether is malice note for detecting described note according to the link information in the malicious link storehouse stored and described extraction, described malicious link storehouse comprises malicious link;
Blocking module, if be malice note for described note, then tackles described note.
Described blocking module comprises:
First converting unit, converts character string to for the link information described note comprised, then to realize tackling described note in the memory space described note being left in expectation; Or,
Second converting unit, for leaving in default memory space by described note, when user checks described note, converts the link information that described note comprises to character string, then shows the content of described note, to realize tackling described note; Or,
Discarding unit, for directly abandoning described note, to realize tackling described note.
Described first detection module comprises:
Local detecting unit, for searching the link information that whether there is described extraction in local the first malicious link storehouse stored, if there is the link information of described extraction in described first malicious link storehouse, then detects that described note is for malice note;
High in the clouds detecting unit, if for the link information that there is not described extraction in described first malicious link storehouse, then search the link information that whether there is described extraction in the second malicious link storehouse of server stores, if there is the link information of described extraction in described second malicious link storehouse, then detect described note for malice note, if there is not the link information of described extraction in described second malicious link storehouse, then detect that described note is non-malicious note.
Described mobile terminal also comprises:
Second detection module, if be non-malicious note for described note, then whether, when user downloads corresponding software according to the link information in described note, detecting described software according to anti-virus storehouse is bogusware;
Determination module, if for detecting that described software is bogusware, then determine that the link information that described note comprises is malicious link information, report described malicious link information to server, and described malicious link information is added in local the first malicious link storehouse stored.
Described mobile terminal also comprises:
First update module, for the malicious link information of reception server broadcast, according to the first malicious link storehouse that malicious link information updating this locality of described reception stores.
A kind of server, described server comprises:
Receiver module, for the link information that mobile terminal receive sends, described link information is the link information in the note after described mobile terminal detects according to its local first malicious link storehouse stored;
3rd detection module, whether is malicious link information for detecting described link information according to the second malicious link storehouse stored, described second malicious link storehouse comprises malicious link information;
Notification module, if be malicious link information for described link information, then notifies described mobile terminal, makes described mobile terminal determine that described note is malice note and tackles described note according to described notice.
Described server also comprises:
Receiver module, for the malicious link information of mobile terminal receive report, and records each malicious link information by the number of times reported and density;
Broadcast module, for according to each malicious link information by the number of times reported and density, broadcast described malicious link information to described mobile terminal, make described mobile terminal according to its local first malicious link storehouse stored of the malicious link information updating of described broadcast.
Tackle a system for malice note, described system comprises described mobile terminal and described server.
In embodiments of the present invention, when receiving note and this note comprises link information, extract the link information that this note comprises, whether this note of link detection according to the malicious link storehouse stored and extraction is malice note, if detect that this note is for malice note, then tackle this note.By carrying out the detection of malice note to the link information in note, realize interception thus, protect the information security of user.
Accompanying drawing explanation
Fig. 1 is a kind of method flow diagram tackling malice note that the embodiment of the present invention 1 provides;
Fig. 2 is a kind of method flow diagram tackling malice note that the embodiment of the present invention 2 provides;
Fig. 3 is a kind of mobile terminal structure schematic diagram that the embodiment of the present invention 3 provides;
Fig. 4 is a kind of server architecture schematic diagram that the embodiment of the present invention 4 provides;
Fig. 5 is a kind of system configuration schematic diagram tackling malice note that the embodiment of the present invention 5 provides.
Embodiment
For making the object, technical solutions and advantages of the present invention clearly, below in conjunction with accompanying drawing, embodiment of the present invention is described further in detail.
Embodiment 1
As described in Figure 1, embodiments provide a kind of method of tackling malice note, comprising:
Step 101: when receiving note and this note comprises link information, extract the link information that this note comprises;
Step 102: whether be malice note, malicious link storehouse comprises malicious link information if detecting this note according to the link information of the malicious link storehouse stored and extraction;
Step 103: if detect that this note is for malice note, then tackle this note.
In embodiments of the present invention, when receiving note and this note comprises link information, extract the link information that this note comprises, whether detect this note according to the link information of the malicious link storehouse stored and extraction is malice note, if detect that this note is for malice note, then tackle this note.By carrying out the detection of malice note to the link information in note, realize interception thus, protect the information security of user.
Embodiment 2
As shown in Figure 2, embodiments provide a kind of method of tackling malice note, the method comprises:
Step 201: the inbox of mobile terminal to self is monitored in real time, when monitor out receive note time, perform step 202;
Wherein, the note of reception, when receiving note, just leaves in the inbox of mobile terminal by mobile terminal, so in the present embodiment, can monitor in real time the inbox of mobile terminal, have new note when monitoring inbox, just determining that mobile terminal receives note.
Step 202: mobile terminal judges whether comprise link information in this note, if this note comprises link information, then extracts the link information that this note comprises;
Wherein, if this note does not comprise link information, then end operation.
Step 203: the link information of the first malicious link storehouse that mobile terminal stores according to this locality and extraction carries out this locality to this note and detects, if detect that this note is malice note, then perform step 205, if do not detect whether this note is malice note, then perform step 204;
Wherein, the first malicious link storehouse comprises malicious link information.Particularly, mobile terminal searches local the first malicious link storehouse stored, if find out the link information that there is extraction in the first malicious link storehouse, then determines that the link information of extraction is malicious link information, and determines that this note is for malice note; If find out the link information that there is not extraction in the first malicious link storehouse, then in local testing process, do not detect whether the link information of extraction is malicious link information and does not detect whether this note is malice note.
Step 204: the link information of the second malicious link storehouse that mobile terminal stores according to cloud server and extraction carries out high in the clouds detection, if detect as malice note, then performs step 205, if detect it is not malice note, end operation;
Wherein, store the second malicious link storehouse in cloud server, the second malicious link storehouse comprises malicious link.Particularly, search the second malicious link storehouse that cloud server stores, if find out the link information that there is extraction in the second malicious link storehouse of cloud server storage, then determine that the link information of extraction is malicious link information, and determine that this note is for malice note; If find out the link information that there is not extraction in the second malicious link storehouse of cloud server storage, then determine that the link information of extraction is not malicious link information and determines that this note is not malice note.
Wherein, the second malicious link storehouse stored in cloud server comprises the first report number of times and backup information corresponding to malicious link information, this malicious link information, and this backup information comprises the second report number of times and report time of this malicious link information.
Wherein, in the present embodiment, the link information of extraction is sent to cloud server by mobile terminal; Cloud server receives this link information, whether detect this link information according to the second malicious link storehouse stored is malicious link, namely according to the second malicious link storehouse that this malicious link information searching has stored, if find out this link information, then determine that this link information is malicious link information, and notify that this link information of mobile terminal is malicious link information, if do not find out this link information, then notify that this link information of mobile terminal is not malicious link information.
Wherein, said process, specifically can comprise the step of following (1)-(6):
(1): mobile terminal sends the first inquiry request message to cloud server, and the first inquiry request message carries the link information of extraction;
(2) the second malicious link storehouse himself stored: cloud server receives the first inquiry request message, is searched;
(3): if cloud server finds out in the second malicious link storehouse there is this link information, then detect that this link information is malicious link information, send the first query response message to mobile terminal, it is the indication information of malicious link information that first query response message carries for illustration of this link information, to realize notifying mobile terminal;
(4): mobile terminal receives the first query response message, what carry according to the first query response message is the indication information of malicious link information for illustration of this link information, determine that this link information is malicious link information, and determine that this note is for malice note;
(5): if cloud server finds out in the second malicious link storehouse there is not this link information, then detect that this link information is not malicious link information, send the first query response message to mobile terminal, it is not the indication information of malicious link information that first query response message carries for illustration of this link information, to realize notifying mobile terminal;
(6): mobile terminal receives the first query response message, carrying for illustration of this link information according to the first query response message is not the indication information of malicious link information, determine that this link information is not malicious link information, and determine that this note is not malice note.
Step 205: mobile terminal carries out interception operation to this note.
Particularly, this step can be realized by following three kinds of modes, comprise:
The first, convert the link information that this note comprises to character string, then by this note stored in preset memory space in realizes interception this note;
The second, this note is left in default memory space, when user checks the note in default memory space, convert the link information that this note comprises to character string, then show the content of this note, to implement to tackle this note;
Three, this note is directly abandoned, to realize tackling this note.
Wherein, if adopt first kind of way and the second way to tackle note, then user is when checking the malice note in default memory space, the malicious link information comprised due to this malice note is converted into character string, even if so user clicks this malicious link information also triggering mobile terminals can not download Malware corresponding to this malicious link information.
Wherein, if user wonders the information such as the function of the software that the malicious link information that comprises is corresponding in malice note, then user can select a malice note and submit to mobile terminal in the memory space preset;
Correspondingly, mobile terminal receives the malice note that user submits to, and extracts the malicious link information that this malice note comprises, and send the second inquiry request message to proxy server, the second inquiry request message carries the malicious link information of extraction; Proxy server receives the second inquiry request message, corresponding software is downloaded according to the malicious link information that the second inquiry request message carries, and obtain the function information of the software downloaded, send the second query response message to mobile terminal, and this second query response message carries the function information of the software of download; Mobile terminal receives the second query response message, and shows function information that the second query response message carries to user.
Wherein, in the present embodiment, mobile terminal, after detecting that the note of reception is not malice note, continues the note of reception to leave in the inbox of mobile terminal.
Wherein, when user opens and checks the note in inbox, if user clicks the link information comprised in the note of checking, then mobile terminal can download software corresponding to this link information automatically.
Further, mobile terminal detects the software that self downloads according to anti-virus storehouse, if detect that this software is bogusware, the link information that the note that then extraction user checks comprises, determine that this link information is malicious link information, and this malicious link information is added in the second malicious link storehouse self stored, further, mobile terminal can also report this malicious link information to cloud server.
Further, mobile terminal is when detecting that the note of reception is not malice note, mobile terminal can also be analyzed according to the content of Intelligent Information Analysis storehouse to the note received, if the note analyzing reception is refuse messages, then determine that the link information that the note of reception comprises is malicious link information, and this malicious link information is added in the first malicious link storehouse self stored, further, mobile terminal can also report this malicious link information to cloud server.
Wherein, mobile terminal is to cloud server report malicious link information, and the second malicious link storehouse that cloud server is stored according to this malicious link information updating cloud server, specifically can comprise the step of following (A)-(D):
(A): mobile terminal sends report message to cloud server, and this report message carries this malicious link information;
(B) the second malicious link storehouse that the malicious link information searching: cloud server receives this report message, carried according to this report message stores himself;
(C): if cloud server finds out in the second malicious link storehouse himself stored there is not this malicious link information, the initial value of the first report number of times of this malicious link information and the initial value of the second report number of times are then set, the initial value of the first report number of times equals the initial value of the second report number of times, and using the report time of current time as this malicious link information, by this malicious link information, initial value and the backup information of the first report number of times of this malicious link information are stored in the second malicious link storehouse, this malicious link information backup information comprises initial value and the report time of the second report number of times,
(D): if cloud server finds out in the second malicious link storehouse himself stored there is the first report number of times and backup information corresponding to this malicious link information, this malicious link information, this backup information comprises the second report number of times and report time, then increase the first report number of times of this malicious link information, then comprise the second report number of times according to current time, the first report number of times of increase, this backup information and report the report density of this malicious link information of Time Calculation;
Particularly, calculate current time and the time difference between this report time and calculates increase first report that number of times and second reports the number of times difference between number of times, calculate the report density of this malicious link information according to the number of times difference of calculating and time difference.
(E): if the report density calculated is greater than pre-set density, then cloud server broadcasts this malicious link information to mobile terminal;
Wherein, if the report density calculated is less than or equal to preset density value, then end operation.
(F): the second report number of times that this malicious link information backup information comprises by cloud server and report time are updated to first of increase respectively and report number of times and current time.
Further, cloud server also periodically obtains the malicious link information that the first report number of times exceedes preset times from the second malicious link storehouse that self stores, and by the malicious link information broadcasting of acquisition to mobile terminal.
Further, mobile terminal when receive cloud server broadcast malicious link information time, according to receive malicious link information updating self store the first malicious link storehouse.
In embodiments of the present invention, mobile terminal is when receiving note and this note comprises link information, extract the link information that this note comprises, whether detect this note according to the link information of the malicious link storehouse stored and extraction is malice note, if detect that this note is for malice note, then tackle this note.By carrying out the detection of malice note to the link information in note, realize interception thus, protect the information security of user.
Embodiment 3
As shown in Figure 3, embodiments provide a kind of mobile terminal, comprising:
Extraction module 301, for when receiving note and this note comprises link information, extracts the link information that this note comprises;
First detection module 302, whether is malice note for detecting this note according to the link information in the malicious link storehouse stored and extraction, malicious link storehouse comprises malicious link information;
Blocking module 303, if be malice note for this note, then tackles this note.
Wherein, first detection module 302 comprises:
Local detecting unit, for searching the link information that whether there is extraction in local the first malicious link storehouse stored, if there is the link information of extraction in the first malicious link storehouse, then detects that this note is for malice note;
High in the clouds detecting unit, if for the link information that there is not extraction in the first malicious link storehouse, then search the link information that whether there is extraction in the second malicious link storehouse of server stores, if there is the link information of extraction in the second malicious link storehouse, then detect this note for malice note, if there is not the link information of extraction in the second malicious link storehouse, then detect that this note is non-malicious note.
Wherein, blocking module comprises:
First converting unit, converts character string to for the link information this note comprised, then leaves in default memory space by this note, to realize tackling this note; Or,
Second converting unit, for leaving in default memory space by this note, when user checks this note, converting the link information that this note comprises to character string, then showing the content of this note, to realize tackling described note; Or,
Discarding unit, for directly abandoning this note, to realize tackling this note.
Further, mobile terminal also comprises:
Second detection module, if be non-malicious note for this note, then whether, when user downloads corresponding software according to the link information in this note, detecting this software according to anti-virus storehouse is bogusware;
Determination module, if for detecting that this software is bogusware, then determine that the link information that this note comprises is malicious link information, report this malicious link information to server, and this malicious link information is added in local the first malicious link storehouse stored.
Further, this mobile terminal also comprises:
First update module, for the malicious link information of reception server broadcast, according to the first malicious link storehouse that the malicious link information updating this locality received stores.
In embodiments of the present invention, when mobile terminal receives note and this note comprises link information, extract the link information that this note comprises, whether detect this note according to the link information of the malicious link storehouse stored and extraction is malice note, if detect that this note is for malice note, then tackle this note.By carrying out the detection of malice note to the link information in note, realize interception thus, protect the information security of user.
Embodiment 4
See Fig. 4, embodiments provide a kind of server, comprising:
Receiver module 401, for the link information that mobile terminal receive sends, this link information is the link information in the note after mobile terminal detects according to its local first malicious link storehouse stored;
3rd detection module 402, whether this link information is detected in the second malicious link storehouse for storing according to this locality is malicious link information, and the second malicious link storehouse comprises malicious link information;
Notification module 403, if be malicious link information for this link information, then notifies mobile terminal, makes mobile terminal determine that this note is malice note and tackles this note according to this notice.
Further with, this server also comprises:
Receiver module, for the malicious link information of mobile terminal receive report, and records each malicious link information by the number of times reported and density;
Broadcast module, for according to each malicious link information by the number of times reported and density, broadcast described malicious link information to mobile terminal, make mobile terminal according to its local first malicious link storehouse stored of the malicious link information updating of described broadcast.
Embodiment 5
See Fig. 5, embodiments provide a kind of system of tackling malice note, comprise mobile terminal 501 as described in Example 3 and server as described in Example 4 502.
In embodiments of the present invention, when mobile terminal receives note and this note comprises link information, extract the link information that this note comprises, whether detect this note according to the link information of the malicious link storehouse stored and extraction is malice note, if detect that this note is for malice note, then tackle this note.By carrying out the detection of malice note to the link information in note, realize interception thus, protect the information security of user.
One of ordinary skill in the art will appreciate that all or part of step realizing above-described embodiment can have been come by hardware, the hardware that also can carry out instruction relevant by program completes, described program can be stored in a kind of computer-readable recording medium, the above-mentioned storage medium mentioned can be read-only memory, disk or CD etc.
The foregoing is only preferred embodiment of the present invention, not in order to limit the present invention, within the spirit and principles in the present invention all, any amendment done, equivalent replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (15)
1. tackle a method for malice note, it is characterized in that, described method comprises:
When receiving note and described note comprises link information, extract the link information that described note comprises;
Whether be malice note, described malicious link storehouse comprises malicious link information if detecting described note according to the link information of the malicious link storehouse stored and described extraction;
If described note is malice note, then tackle described note;
Receive the malice note that user submits to, extract the malicious link information that described malice note comprises, send inquiry request message to proxy server, described inquiry request message carries the malicious link information of described extraction, makes described proxy server download corresponding software according to the malicious link information that inquiry request message carries and obtain the function information of the software of described download;
Receive the query response message that described proxy server sends, described query response message carries the function information of the software of described download, and the function information that display query response message carries is to user.
2. the method for claim 1, is characterized in that, the described note of described interception, comprising:
Convert the link information that described note comprises to character string, more described note is left in default memory space to realize tackling described note; Or,
Described note is left in default memory space, when user checks described note, convert the link information that described note comprises to character string, then show the content of described note, to realize tackling described note; Or,
Directly abandon described note, to realize tackling described note.
3. method as claimed in claim 1 or 2, is characterized in that, whether the malicious link storehouse that described basis has stored and the link information of described extraction detect described note is malice note, comprising:
Search the link information that whether there is described extraction in local the first malicious link storehouse stored;
If there is the link information of described extraction in described first malicious link storehouse, then detect that described note is for malice note;
If there is not the link information of described extraction in described first malicious link storehouse, then search the link information that whether there is described extraction in the second malicious link storehouse of server stores, if there is the link information of described extraction in described second malicious link storehouse, then detect that described note is for malice note, if there is not the link information of described extraction in described second malicious link storehouse, then detect that described note is non-malicious note.
4. method as claimed in claim 3, it is characterized in that, described method also comprises:
If described note is non-malicious note, then whether, when user downloads corresponding software according to the link information in described note, detecting described software according to anti-virus storehouse is bogusware;
If detect that described software is bogusware, then determine that the link information that described note comprises is malicious link information, report described malicious link information to server, and described malicious link information is added in local the first malicious link storehouse stored.
5. method as claimed in claim 3, it is characterized in that, described method also comprises:
The malicious link information of reception server broadcast, according to the first malicious link storehouse that malicious link information updating this locality of described reception stores.
6. a mobile terminal, is characterized in that, described mobile terminal comprises:
Extraction module, for when receiving note and described note comprises link information, extracts the link information that described note comprises;
First detection module, whether is malice note for detecting described note according to the link information in the malicious link storehouse stored and described extraction, described malicious link storehouse comprises malicious link;
Blocking module, if be malice note for described note, then tackles described note;
Described mobile terminal, also for receiving the malice note that user submits to, extract the malicious link information that described malice note comprises, send inquiry request message to proxy server, described inquiry request message carries the malicious link information of described extraction, makes described proxy server download corresponding software according to the malicious link information that inquiry request message carries and obtain the function information of the software of described download; Receive the query response message that described proxy server sends, described query response message carries the function information of the software of described download, and the function information that display query response message carries is to user.
7. mobile terminal as claimed in claim 6, it is characterized in that, described blocking module comprises:
First converting unit, converts character string to for the link information described note comprised, then to realize tackling described note in the memory space described note being left in expectation; Or,
Second converting unit, for leaving in default memory space by described note, when user checks described note, converts the link information that described note comprises to character string, then shows the content of described note, to realize tackling described note; Or,
Discarding unit, for directly abandoning described note, to realize tackling described note.
8. mobile terminal as claimed in claims 6 or 7, it is characterized in that, described first detection module comprises:
Local detecting unit, for searching the link information that whether there is described extraction in local the first malicious link storehouse stored, if there is the link information of described extraction in described first malicious link storehouse, then detects that described note is for malice note;
High in the clouds detecting unit, if for the link information that there is not described extraction in described first malicious link storehouse, then search the link information that whether there is described extraction in the second malicious link storehouse of server stores, if there is the link information of described extraction in described second malicious link storehouse, then detect described note for malice note, if there is not the link information of described extraction in described second malicious link storehouse, then detect that described note is non-malicious note.
9. mobile terminal as claimed in claim 8, it is characterized in that, described mobile terminal also comprises:
Second detection module, if be non-malicious note for described note, then whether, when user downloads corresponding software according to the link information in described note, detecting described software according to anti-virus storehouse is bogusware;
Determination module, if for detecting that described software is bogusware, then determine that the link information that described note comprises is malicious link information, report described malicious link information to server, and described malicious link information is added in local the first malicious link storehouse stored.
10. mobile terminal as claimed in claim 8, it is characterized in that, described mobile terminal also comprises:
First update module, for the malicious link information of reception server broadcast, according to the first malicious link storehouse that malicious link information updating this locality of described reception stores.
11. 1 kinds tackle malice note system, it is characterized in that, described system comprises mobile terminal and server;
Described mobile terminal comprises:
Extraction module, for when receiving note and described note comprises link information, extracts the link information that described note comprises;
First detection module, whether is malice note for detecting described note according to the link information in the malicious link storehouse stored and described extraction, described malicious link storehouse comprises malicious link;
Blocking module, if be malice note for described note, then tackles described note;
Described mobile terminal, also for receiving the malice note that user submits to, extract the malicious link information that described malice note comprises, send inquiry request message to proxy server, described inquiry request message carries the malicious link information of described extraction, makes described proxy server download corresponding software according to the malicious link information that inquiry request message carries and obtain the function information of the software of described download; Receive the query response message that described proxy server sends, described query response message carries the function information of the software of described download, and the function information that display query response message carries is to user;
Described server comprises:
Receiver module, for the link information that mobile terminal receive sends, described link information is the link information in the note after described mobile terminal detects according to its local first malicious link storehouse stored;
3rd detection module, whether described link information is detected in the second malicious link storehouse for storing according to this locality is malicious link information, and described second malicious link storehouse comprises malicious link information;
Notification module, if be malicious link information for described link information, then notifies described mobile terminal, makes described mobile terminal determine that described note is malice note and tackles described note according to described notice;
Receiver module, for the malicious link information of mobile terminal receive report, and records each malicious link information by the number of times reported and density;
Broadcast module, for according to each malicious link information by the number of times reported and density, broadcast described malicious link information to described mobile terminal, make described mobile terminal according to its local first malicious link storehouse stored of the malicious link information updating of described broadcast.
12. systems as claimed in claim 11, it is characterized in that, described blocking module comprises:
First converting unit, converts character string to for the link information described note comprised, then to realize tackling described note in the memory space described note being left in expectation; Or,
Second converting unit, for leaving in default memory space by described note, when user checks described note, converts the link information that described note comprises to character string, then shows the content of described note, to realize tackling described note; Or,
Discarding unit, for directly abandoning described note, to realize tackling described note.
13. systems as described in claim 11 or 12, it is characterized in that, described first detection module comprises:
Local detecting unit, for searching the link information that whether there is described extraction in local the first malicious link storehouse stored, if there is the link information of described extraction in described first malicious link storehouse, then detects that described note is for malice note;
High in the clouds detecting unit, if for the link information that there is not described extraction in described first malicious link storehouse, then search the link information that whether there is described extraction in the second malicious link storehouse of server stores, if there is the link information of described extraction in described second malicious link storehouse, then detect described note for malice note, if there is not the link information of described extraction in described second malicious link storehouse, then detect that described note is non-malicious note.
14. systems as claimed in claim 13, it is characterized in that, described mobile terminal also comprises:
Second detection module, if be non-malicious note for described note, then whether, when user downloads corresponding software according to the link information in described note, detecting described software according to anti-virus storehouse is bogusware;
Determination module, if for detecting that described software is bogusware, then determine that the link information that described note comprises is malicious link information, report described malicious link information to server, and described malicious link information is added in local the first malicious link storehouse stored.
15. systems as claimed in claim 13, it is characterized in that, described mobile terminal also comprises:
First update module, for the malicious link information of reception server broadcast, according to the first malicious link storehouse that malicious link information updating this locality of described reception stores.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210140190.8A CN103391520B (en) | 2012-05-08 | 2012-05-08 | A kind ofly tackle the malice method of note, terminal, server and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210140190.8A CN103391520B (en) | 2012-05-08 | 2012-05-08 | A kind ofly tackle the malice method of note, terminal, server and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103391520A CN103391520A (en) | 2013-11-13 |
| CN103391520B true CN103391520B (en) | 2016-01-20 |
Family
ID=49535661
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210140190.8A Active CN103391520B (en) | 2012-05-08 | 2012-05-08 | A kind ofly tackle the malice method of note, terminal, server and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103391520B (en) |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103632097A (en) * | 2013-12-13 | 2014-03-12 | 扬州永信计算机有限公司 | Security threat processing method of portable mobile terminal |
| CN103714291A (en) * | 2013-12-30 | 2014-04-09 | 联想(北京)有限公司 | Information processing method and electronic equipment |
| CN106507319A (en) * | 2015-08-04 | 2017-03-15 | 北京壹人壹本信息科技有限公司 | A kind of recognition methods of malice short message and device |
| CN106686599B (en) * | 2015-11-05 | 2020-10-20 | 创新先进技术有限公司 | Method and equipment for risk management of application information |
| CN105491239B (en) * | 2015-12-11 | 2018-10-12 | 北京奇虎科技有限公司 | The hold-up interception method and device of junk information |
| CN107094126A (en) * | 2016-02-17 | 2017-08-25 | 中国移动通信集团浙江有限公司 | A kind of hold-up interception method of messaging virus, apparatus and system |
| CN106028334A (en) * | 2016-04-28 | 2016-10-12 | 北京小米移动软件有限公司 | Method and device for identifying information and terminal |
| CN108322912B (en) * | 2017-01-16 | 2021-01-15 | 中国移动通信有限公司研究院 | Method and device for distinguishing short messages |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101192217A (en) * | 2006-11-28 | 2008-06-04 | 阿里巴巴公司 | Method for canceling harmful code of hypertext marker language |
| CN101895868A (en) * | 2010-04-29 | 2010-11-24 | 上海华勤通讯技术有限公司 | Method for filtering fallacious message based on mobile phone |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100579150C (en) * | 2007-03-20 | 2010-01-06 | 中国移动通信集团江苏有限公司 | Method for screen selecting and catching vicious disturbing calls |
-
2012
- 2012-05-08 CN CN201210140190.8A patent/CN103391520B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101192217A (en) * | 2006-11-28 | 2008-06-04 | 阿里巴巴公司 | Method for canceling harmful code of hypertext marker language |
| CN101895868A (en) * | 2010-04-29 | 2010-11-24 | 上海华勤通讯技术有限公司 | Method for filtering fallacious message based on mobile phone |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103391520A (en) | 2013-11-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103391520B (en) | A kind ofly tackle the malice method of note, terminal, server and system | |
| CN103051617B (en) | The method of the network behavior of recognizer, Apparatus and system | |
| US9277378B2 (en) | Short message service validation engine | |
| CN109104438B (en) | Botnet early warning method and device in narrow-band Internet of things and readable storage medium | |
| CN104484259A (en) | Application program traffic monitoring method and device, and mobile terminal | |
| CN105263142A (en) | Method and device for identifying pseudo base station | |
| CN111800412A (en) | Advanced sustainable threat tracing method, system, computer equipment and storage medium | |
| CN104021141A (en) | Method, device and system for data processing and cloud service | |
| CN113225339B (en) | Network security monitoring method and device, computer equipment and storage medium | |
| KR102469441B1 (en) | A method and an apparatus for monitoring global failure of virtual gateway cluster | |
| CN112511517A (en) | Mail detection method, device, equipment and medium | |
| CN111901326B (en) | Multi-device intrusion detection method, device, system and storage medium | |
| EP2930995B1 (en) | Terminal peripheral management method and m2m gateway | |
| CN105515909A (en) | Data collection test method and device | |
| US20150215333A1 (en) | Network filtering apparatus and filtering method | |
| KR20130065322A (en) | Sns trap collection system and url collection method by the same | |
| CN113595981A (en) | Method and device for detecting threat of uploaded file and computer-readable storage medium | |
| US11159548B2 (en) | Analysis method, analysis device, and analysis program | |
| CN105139599A (en) | Community alarm method and system | |
| CN103067360A (en) | Method and system for procedure network behavior identification | |
| CN105205390A (en) | Security check system and security check method of mobile terminal | |
| CN113934735B (en) | Method and device for processing data | |
| KR101428721B1 (en) | Method and system for detecting malicious traffic by analyzing traffic | |
| CN111191234A (en) | Method and device for detecting virus information | |
| CN108347422B (en) | Safety protection method and system for linkage of terminal side and flow side |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |